Bug 23950 - flash-player-plugin security update 32.0.0.101
Summary: flash-player-plugin security update 32.0.0.101
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-12-06 13:47 CET by Nicolas Salguero
Modified: 2018-12-07 13:54 CET (History)
2 users (show)

See Also:
Source RPM: flash-player-plugin
CVE: CVE-2018-15982, CVE-2018-15983
Status comment:


Attachments

Description Nicolas Salguero 2018-12-06 13:47:34 CET
Hi,

Version 32.0.0.101 fixes CVE-2018-15982 and CVE-2018-15983.

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15983

Best regards,

Nico.
Nicolas Salguero 2018-12-06 13:48:23 CET

CVE: (none) => CVE-2018-15982, CVE-2018-15983
Assignee: bugsquad => nicolas.salguero
Source RPM: (none) => flash-player-plugin

Comment 1 Nicolas Salguero 2018-12-06 14:17:19 CET
Suggested advisory:
========================

Updated flash-player-plugin package fixes security vulnerabilities:

Use after free flaw enabling arbitrary code execution. (CVE-2018-15982)

Insecure Library Loading (DLL hijacking) flaw enabling privilege escalation. (CVE-2018-15983)

References:
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15983
========================

Updated packages in nonfree/updates_testing:
========================
flash-player-plugin-32.0.0.101-1.mga6

from flash-player-plugin-32.0.0.101-1.mga6.src.rpm

Status: NEW => ASSIGNED
Version: Cauldron => 6
Assignee: nicolas.salguero => qa-bugs

Comment 2 Dave Hodgins 2018-12-07 00:40:50 CET
Tested in opera 12.16. Advisory committed to svn. Validating the update.

Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2018-12-07 13:54:05 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0478.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.